IBM Cognos Metrics Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data : 7/7/2015 8:27:57 AM
Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors |
Vulnerability Databse |
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
IBM Cognos Metrics Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data
7/7/2015 12:00:00 AM
IBM Cognos Metrics Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data |
SecurityTracker Alert ID: 1032788 |
SecurityTracker URL: http://securitytracker.com/id/1032788 |
CVE Reference: CVE-2015-2808 (Links to External Site) |
Date: Jul 7 2015 |
Impact: Disclosure of system information, Disclosure of user information |
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): 10.2, 10.2.1, 10.2.2 |
Description: A vulnerability was reported in IBM Cognos Metrics Manager. A remote user can obtain potentially sensitive information communicated by target system. A remote user that can monitor TLS network traffic can obtain RC4 encrypted data and conduct a brute-force key guessing attack against RC4 to decrypt the data. |
Impact: A remote user can obtain potentially sensitive information communicated by target system. |
Solution: The vendor has issued a fix (IBM Cognos Business Intelligence 10.2.x Interim Fixes). The vendor's advisory is available at: https://www-304.ibm.com/support/docview.wss?uid=swg21903565 |
Vendor URL: www-304.ibm.com/support/docview.wss?uid=swg21903565 (Links to External Site) |
Cause: Access control error |
Underlying OS: Windows (2003) |
|
Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.